SPC2517 CNP Presentation
SNMP

Anshuman Biswal
PT 2012 Batch, Reg. No.: CJB0412001
M. Sc. (Engg.) in Computer Science and Networking

Module Leader: Narasimha Murthy K. R.
Module Name:   Computer Networks and Protocols
Module Code:   SPC2517
M. S. Ramaiah School of Advanced Studies   1
Marking

Head                                        Maximum   Score
Technical Content                              10
Grasp and Understanding                        10
Delivery – Technical and General Aspects       10
Handling Questions                             10
Total                                          40
Presentation Outline
•   Network Management History
•   SNMP Versions
•   What is SNMP?
•   How SNMP works?
•   SNMP management components
     –   SMI
          •    SMI data types
          •    SMI encoding method
          •    Codes of data types
     –   MIB
          •    Accessing MIB variables
•   SNMP PDU (Protocol Data Unit)
•   SNMP PDU Formats
•   SNMP Messages
•   SNMP UDP Ports
•   SNMPv3 Architecture
•   SNMPv3 Manager Architecture
•   SNMPv3 Agent Architecture
Network Management History
•   1983 - TCP/IP replaces ARPANET at U.S. Dept. of Defense, effective birth of the Internet
•   First model for network management - HEMS - High-Level Entity Management System
    (RFCs 1021, 1022, 1024, 1076)
•   1987 - ISO OSI proposes CMIP - Common Management Information Protocol - and
    CMOT (CMIP over TCP) as the actual network management protocol for use on the
    Internet
•   Nov. 1987 - SGMP - Simple Gateway Monitoring Protocol (RFC 1028)
•   1989 - Marshall T. Rose heads up the SNMP working group to create a common network
    management framework to be used by both SGMP and CMOT, allowing a transition to
    CMOT
•   Apr. 1989 - SNMP promoted to recommended status as the de facto TCP/IP network
    management framework (RFC 1098)
•   June 1989 - IAB committee decides to let SNMP and CMOT develop separately
•   Aug. 1989 - “Internet-standard Network Management Framework” defined (RFCs
    1065, 1066, 1067)
•   May 1990 - IAB promotes SNMP to a standard protocol with recommended status
    (RFC 1157)
•   Mar. 1991 - format of MIBs and traps defined (RFCs 1212, 1215)
•   TCP/IP MIB definition revised to create SNMPv1 (RFC 1213)
SNMP Versions

•   Two major versions: SNMPv1 and SNMPv2
•   SNMPv1 is the recommended standard
•   SNMPv2 has become split into:
     – SNMPv2u - SNMPv2 with user-based security
     – SNMPv2* - SNMPv2 with user-based security and additional features
     – SNMPv2c - SNMPv2 without security
          • Adds the “GetBulk” function and some new types
          • Adds RMON (remote monitoring) capability
•   SNMPv3
     – SNMPv3 started from SNMPv1 (and not SNMPv2c)
     – Addresses security
What is SNMP?

•   SNMP is a tool (protocol) that allows remote and local management of
    items on the network, including servers, workstations, routers, switches
    and other managed devices.
•   It is an application-level protocol, designed at the application layer so
    that it can monitor devices made by different manufacturers and installed
    on different physical networks.
•   In other words, SNMP frees management tasks from both the physical
    characteristics of managed devices and the underlying network technology.
•   It is based on the concept of manager and agent.
     – Agent - a process running on each managed node that collects
         information about the device it is running on. It is a router or host
         that runs the SNMP server program.
     – Manager - a process running on a management workstation that
         requests information about devices on the network. It is a host that
         runs the SNMP client program.
How SNMP works?

   Management with SNMP is based on three basic ideas:
   1. A manager checks an agent by requesting information that
      reflects the behavior of the agent.
   2. A manager forces an agent to perform a task by resetting values
      in the agent's database.
   3. An agent contributes to the management process by warning the
      manager of an unusual situation through traps.

   [Figure: Manager and Agent connected across the Internet; the manager sends
   Commands, the agent returns Responses and sends Notifications]
SNMP Management Component

SNMP
1.   It defines the format of the packets exchanged between a manager and an agent.
2.   It also interprets the results and creates the statistics (often with the help of
     other management software).
3.   The SNMP packets exchanged contain the object (variable) names and their status
     (values). SNMP is responsible for reading and changing their values.

SMI (Structure of Management Information)
1.   It defines general rules for naming objects, defining object types (including
     range and length) and showing how to encode objects and values.
     Note: SMI does not define the number of objects an entity should manage, name
     the objects to be managed, or define the association between the objects and
     their values.

MIB (Management Information Base)
1.   It creates a collection of named objects, their types and their relationships
     to each other in an entity to be managed.

Analogy:
1.    For writing a program we need rules, i.e. syntax. The syntax also defines the
      variable structures (simple, structured, pointer and so on), how the variables
      must be named and the types of data to be used. In network management, SMI
      does this task.
2.    Most computer languages require that variables be declared. The declaration
      names each variable and defines its predefined type and size. In network
      management, this is done by the MIB.
3.    After declaration, the program needs statements to store values in variables
      and change them if needed. In network management, this is done by SNMP.
Structure of Management Information (SMI)

     •   SMI is a guideline for SNMP. It emphasizes three attributes to handle
         an object: name, data type and encoding method.
     •   Name:
         – SMI requires that each managed object have a unique name.
         – To name objects globally, SMI uses an object identifier, which is a
           hierarchical identifier based on a tree structure.
         – The tree structure starts with an unnamed root.
         – Each object is defined by a sequence of integers separated by dots.
         – The tree structure can also define an object by using a sequence of
           textual names separated by dots.
         – The integer-dot representation is used by SNMP and the textual-dot
           representation is used by people.
         – The objects that are used in SNMP are located under the mib-2 object,
           so their identifiers always start with 1.3.6.1.2.1.

         Object identifier tree shown on the slide:

           root
             itu-t (0)
             iso (1)
               org (3)
                 dod (6)
                   internet (1)        1.3.6.1      (iso.org.dod.internet)
                     mgmt (2)
                       mib-2 (1)       1.3.6.1.2.1  (iso.org.dod.internet.mgmt.mib-2)
             iso-itu-t (2)
SMI Data Type

•  Data Type: To define data types, SMI uses fundamental ASN.1 (Abstract
   Syntax Notation One) definitions and adds some new definitions.
•  Two categories: simple types and structured types.
   a. Simple type: atomic data types. Some are taken directly from ASN.1
      and others are added by SMI.
   b. Structured types are of two kinds: Sequence and Sequence of.
      a. Sequence: a combination of simple data types, not necessarily of
         the same type. It is analogous to a struct or record in C.
      b. Sequence of: a homogeneous combination of simple data types or a
         homogeneous combination of sequence data types. It is analogous to
         an array in C.
SMI Data Type (continued)

Type               Size       Description
INTEGER            4 bytes    An integer with a value between -2^31 and 2^31 - 1
Integer32          4 bytes    Same as INTEGER
Unsigned32         4 bytes    Unsigned, with a value between 0 and 2^32 - 1
OCTET STRING       Variable   Byte string up to 65,535 bytes long
OBJECT IDENTIFIER  Variable   An object identifier
IPAddress          4 bytes    An IP address made of four integers
Counter32          4 bytes    An integer whose value can be incremented from 0 to
                              2^32; when it reaches its maximum value, it wraps
                              back to 0.
Counter64          8 bytes    64-bit counter
Gauge32            4 bytes    Same as Counter32, but when it reaches its maximum
                              value it does not wrap; it remains there until reset.
TimeTicks          4 bytes    A counting value that records time in 1/100 seconds
BITS                          A string of bits
Opaque             Variable   Uninterpreted string

(In the original table INTEGER, OCTET STRING and OBJECT IDENTIFIER are marked as
ASN.1 data types; the remaining entries are SMI data types.)
SMI Encoding Method
•   SMI uses another standard, BER (Basic Encoding Rules), to encode data to be transmitted
    over the network. BER specifies that each piece of data be encoded in a triplet format: tag,
    length and value.
•   Tag: a 1-byte field that defines the type of data. It is composed of class (2 bits), format (1
    bit) and number (5 bits).
•   Class: defines the scope of the data. There are 4 classes: universal (00), application-wide (01),
    context-specific (10) and private (11).
•   Universal data types are taken from ASN.1 (INTEGER, OCTET STRING and OBJECT IDENTIFIER).
•   Application-wide data types are added by SMI (IPAddress, Counter, Gauge and TimeTicks).
•   The five context-specific data types vary from protocol to protocol.
•   The private data types are vendor specific.
•   The format subfield indicates whether the data is simple (0) or structured (1).
•   The number subfield further divides simple or structured data types into subgroups.
•   Length: the length field can be one or more bytes.
     – If it is 1 byte, the MSB is 0 and the other 7 bits define the length of the data.
     – If it is more than 1 byte, the MSB of the first byte must be 1. The other 7 bits of the first
       byte define the number of bytes needed to define the length.
•   Value: the value field codes the value of the data according to the rules in BER.
Codes of Data types

Example: how to define INTEGER 14

    02              04                00         00         00         0E
    00000010        00000100          00000000   00000000   00000000   00001110
    tag (INTEGER)   length (4 bytes)              value (14)
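An added example (not from the slides) of the tag/length/value triplet: it splits the tag byte into class, format and number, handles both length forms, reproduces the 4-byte INTEGER 14 encoding shown above, and names the context-specific PDU tags listed on the SNMP Messages slides (the number-to-PDU mapping is taken from RFC 3416, not from the slides).

```python
# BER tag/length/value helpers. Added example; not the deck's own code.

CLASSES = {0: "universal", 1: "application-wide", 2: "context-specific", 3: "private"}

# Context-specific tag numbers of the SNMPv2 PDUs (RFC 3416); 4 was the SNMPv1 Trap.
PDU_TYPES = {0: "GetRequest", 1: "GetNextRequest", 2: "Response", 3: "SetRequest",
             5: "GetBulkRequest", 6: "InformRequest", 7: "SNMPv2-Trap", 8: "Report"}


def split_tag(tag: int) -> dict:
    """Break a 1-byte tag into class (2 bits), format (1 bit) and number (5 bits)."""
    return {
        "class": CLASSES[(tag >> 6) & 0b11],
        "structured": bool((tag >> 5) & 0b1),
        "number": tag & 0b11111,
    }


def pdu_type_name(tag: int) -> str:
    """A PDU tag is context-specific, structured, with one of the listed numbers."""
    t = split_tag(tag)
    if t["class"] != "context-specific" or not t["structured"] or t["number"] not in PDU_TYPES:
        raise ValueError(f"not a PDU tag: 0x{tag:02x}")
    return PDU_TYPES[t["number"]]


def encode_length(n: int) -> bytes:
    """Short form (MSB 0) below 128; long form (MSB 1 + byte count) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def decode_length(buf: bytes, pos: int):
    """Return (length, position of the first value byte); bounds-checked."""
    first = buf[pos]
    if first & 0x80 == 0:
        return first, pos + 1
    count = first & 0x7F
    if count == 0 or pos + 1 + count > len(buf):
        raise ValueError("malformed long-form length")
    return int.from_bytes(buf[pos + 1:pos + 1 + count], "big"), pos + 1 + count


def encode_integer(value: int, width: int = 4) -> bytes:
    """INTEGER as on the slide: tag 0x02, then a fixed 4-byte two's-complement value.
    (BER itself permits the minimal form 02 01 0E, which decode_integer also accepts.)"""
    return bytes([0x02]) + encode_length(width) + value.to_bytes(width, "big", signed=True)


def decode_tlv(buf: bytes, pos: int = 0):
    """Decode one triplet; returns (tag_info, value_bytes, next_pos).
    A length that runs past the buffer is rejected rather than read out of bounds."""
    if pos >= len(buf):
        raise ValueError("truncated: no tag byte")
    tag = split_tag(buf[pos])
    length, vpos = decode_length(buf, pos + 1)
    if vpos + length > len(buf):
        raise ValueError("truncated: length exceeds buffer")
    return tag, buf[vpos:vpos + length], vpos + length


def decode_integer(buf: bytes) -> int:
    tag, value, _ = decode_tlv(buf)
    if tag["class"] != "universal" or tag["structured"] or tag["number"] != 2:
        raise ValueError("not an INTEGER")
    return int.from_bytes(value, "big", signed=True)
```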




Management Information Base (MIB)

  •  MIB-2 (Management Information Base version 2) is the second
     component used in network management.
  •  Each agent (router) has its own MIB-2, which is the collection of all
     objects that a manager can manage.
  •  The objects in MIB-2 are categorized under 10 different groups.

  [Figure: the mib-2 node (1.3.6.1.2.1) with its groups: sys (1), if (2), at (3),
  ip (4), icmp (5), tcp (6), udp (7), egp (8), trans (11), snmp (12)]
Accessing MIB variables

• To access any simple variable, we use the id of the group (1.3.6.1.2.1.7) followed by the id
  of the variable. So, to access the following variables:
  udpInDatagrams = 1.3.6.1.2.1.7.1, udpNoPorts = 1.3.6.1.2.1.7.2, etc.
• But these object identifiers define variables, not the instance contents. To show the
  instance or the contents we must add an instance suffix. The instance suffix for a simple
  variable is simply a 0. In other words, to show an instance of the above variables, we
  use the following:
  udpInDatagrams.0 = 1.3.6.1.2.1.7.1.0, udpNoPorts.0 = 1.3.6.1.2.1.7.2.0
• To identify a table, we first use the table id. The udp group has only one table
  (with id 5). So to access the table, we use the following: udpTable = 1.3.6.1.2.1.7.5
Accessing MIB variables (continued)

•   However, the table is not at the leaf level in the tree structure. We cannot access
    the table; we define the entry (sequence) in the table (with id 1), as follows:
    udpEntry = 1.3.6.1.2.1.7.5.1. This entry is also not a leaf, and we cannot access
    it. We need to define each entity (field) in the entry: udpLocalAddress =
    1.3.6.1.2.1.7.5.1.1 and udpLocalPort = 1.3.6.1.2.1.7.5.1.2. These two variables
    are at the leaves of the tree.
•   Although we can access their instances, we need to define which instance. At
    any moment, the table can have several values for each local address/local port
    pair. To access a specific instance (row) of the table, we add the index to the
    above ids.
•   In a MIB, the indexes of arrays are not integers (as in most programming
    languages). The indexes are based on the value of one or more fields in the
    entries. Here the index of each row is a combination of two values, the local
    address and the local port number, e.g.
    udpLocalAddress.181.23.45.14.23 = 1.3.6.1.2.1.7.5.1.1.181.23.45.14.23
•   Note that not all tables are indexed in the same way. Some tables are indexed by
    using the value of one field, others by using the value of two fields, and so on.
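As an added example (not from the slides), the naming and instance rules above in Python: it resolves the textual names on the slides to numeric OIDs, builds instance identifiers for simple variables and table rows, and orders them the way the MIB orders them (lexicographically on integer sub-identifiers, which is not the same as sorting the dotted strings).

```python
# Added example; not the deck's own code. Only names that appear on the slides
# are in the tree (the mib-2 path and the udp group).

TREE = {
    "iso": 1, "iso.org": 3, "iso.org.dod": 6, "iso.org.dod.internet": 1,
    "iso.org.dod.internet.mgmt": 2, "iso.org.dod.internet.mgmt.mib-2": 1,
    "iso.org.dod.internet.mgmt.mib-2.udp": 7,
    "iso.org.dod.internet.mgmt.mib-2.udp.udpInDatagrams": 1,
    "iso.org.dod.internet.mgmt.mib-2.udp.udpNoPorts": 2,
    "iso.org.dod.internet.mgmt.mib-2.udp.udpTable": 5,
    "iso.org.dod.internet.mgmt.mib-2.udp.udpTable.udpEntry": 1,
    "iso.org.dod.internet.mgmt.mib-2.udp.udpTable.udpEntry.udpLocalAddress": 1,
    "iso.org.dod.internet.mgmt.mib-2.udp.udpTable.udpEntry.udpLocalPort": 2,
}


def parse(text: str) -> tuple:
    """'1.3.6.1' -> (1, 3, 6, 1)."""
    return tuple(int(x) for x in text.split("."))


def dotted(oid: tuple) -> str:
    return ".".join(map(str, oid))


def resolve(textual: str) -> tuple:
    """Textual-dot name -> integer-dot OID, walking the tree one label at a time."""
    labels = textual.split(".")
    out = []
    for i in range(len(labels)):
        prefix = ".".join(labels[: i + 1])
        if prefix not in TREE:
            raise KeyError(f"unknown object name: {prefix}")
        out.append(TREE[prefix])
    return tuple(out)


def scalar_instance(textual: str) -> tuple:
    """A simple variable has exactly one instance, suffix .0."""
    return resolve(textual) + (0,)


def row_instance(column_textual: str, *index_values) -> tuple:
    """A table cell: column OID followed by the index fields. An IPAddress index
    contributes its four octets, an integer index one sub-identifier."""
    suffix = ()
    for v in index_values:
        suffix += parse(v) if isinstance(v, str) else (int(v),)
    return resolve(column_textual) + suffix


def mib_order(oids) -> list:
    """Lexicographic order on integer sub-identifiers: the order GetNext walks."""
    return sorted(parse(o) if isinstance(o, str) else tuple(o) for o in oids)
```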
SNMP PDU (Protocol Data Unit)
       GetRequest       The GetRequest PDU is sent from the manager (client) to the agent (server)
                        to retrieve the value of a variable or a set of variables.
       GetNextRequest   The GetNextRequest PDU is sent from the manager to the agent to retrieve
                        the value of a variable. It is mostly used to retrieve the values of the entries in
                        a table. If the manager does not know the indexes of the entries, it cannot
                        retrieve the values. However, it can use GetNextRequest and define the
                        ObjectId of the table. Because the first entry has the ObjectId immediately
                        after the ObjectId of the table, the value of the first entry is returned. The
                        manager can use this ObjectId to get the value of the next one, and so on.
       GetBulkRequest   The GetBulkRequest PDU is sent from the manager to the agent to retrieve a
                        large amount of data. It can be used instead of multiple GetRequest and
                        GetNextRequest PDUs.
       SetRequest       The SetRequest PDU is sent from the manager to the agent to set (store) a
                        value in a variable.
       Response         The Response PDU is sent from an agent to a manager in response to a
                        GetRequest or GetNextRequest. It contains the value(s) of the variable(s)
                        requested by the manager.
       Trap             The Trap (also called SNMPv2 Trap, to distinguish it from the SNMPv1 Trap)
                        PDU is sent from the agent to the manager to report an event. For example,
                        if the agent is rebooted, it informs the manager and reports the time of
                        rebooting.
       InformRequest    The InformRequest PDU is sent from one manager to another remote
                        manager to get the value of some variables from agents under the control of
                        the remote manager. The remote manager responds with a Response PDU.
       Report           The Report PDU is designed to report some types of errors between
                        managers. It is not yet in use.
SNMP PDU Format

• PDU type - This field defines the type of the PDU.
• Request ID - This field is a sequence number used by the manager in a Request PDU and
  repeated by the agent in a response. It is used to match a request to a response.
• Error status - This is an integer that is used only in Response PDUs to show the type of error
  reported by the agent. Its value is 0 in Request PDUs.

    Status   Name         Meaning
    0        noError      No error
    1        tooBig       Response too big to fit in one message
    2        noSuchName   Variable does not exist
    3        badValue     The value to be stored is invalid
    4        readOnly     The value cannot be modified
    5        genErr       Other errors
SNMP PDU Format (continued)
•   Nonrepeaters - This field is used only in GetBulkRequest and replaces the
    error status field, which is empty in Request PDUs.
•   Error index - The error index is an offset that tells the manager which variable
    caused the error.
•   Max-repetitions - This field is also used only in GetBulkRequest and replaces
    the error index field, which is empty in Request PDUs.
•   VarBind list - This is a set of variables with the corresponding values the
    manager wants to retrieve or set. The values are null in GetRequest and
    GetNextRequest.
•   Note: The GetBulkRequest PDU differs from the others in two areas:
     – Error status and error index values are zero for all request messages except
       GetBulkRequest.
     – The error status field is replaced by the nonrepeaters field and the error index field
       is replaced by the max-repetitions field in GetBulkRequest.
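An added example, not from the slides, of a toy in-memory agent that answers GetRequest, GetNextRequest and GetBulkRequest as the PDU slides describe, with SNMPv1-style error status and a 1-based error index; the udp group values are constructed sample data, and a manager-side table walk shows how GetNextRequest retrieves rows whose indexes the manager does not know.

```python
# Added example; not the deck's own code.
from bisect import bisect_right

# Error status values from the PDU format slide.
NO_ERROR, TOO_BIG, NO_SUCH_NAME, BAD_VALUE, READ_ONLY, GEN_ERR = range(6)


def parse(text: str) -> tuple:
    return tuple(int(x) for x in text.split("."))


UDP = parse("1.3.6.1.2.1.7")              # iso.org.dod.internet.mgmt.mib-2.udp

SAMPLE = {                                 # constructed sample instances
    UDP + (1, 0): 1200,                    # udpInDatagrams.0
    UDP + (2, 0): 7,                       # udpNoPorts.0
    parse("1.3.6.1.2.1.7.5.1.1.0.0.0.0.161"): "0.0.0.0",        # udpLocalAddress
    parse("1.3.6.1.2.1.7.5.1.1.181.23.45.14.23"): "181.23.45.14",
    parse("1.3.6.1.2.1.7.5.1.2.0.0.0.0.161"): 161,              # udpLocalPort
    parse("1.3.6.1.2.1.7.5.1.2.181.23.45.14.23"): 23,
}


class Agent:
    def __init__(self, values):
        self.values = dict(values)
        self.oids = sorted(self.values)    # lexicographic MIB order of instances

    def _successor(self, name):
        """First instance strictly after name, or None at the end of the MIB."""
        k = bisect_right(self.oids, name)
        return self.oids[k] if k < len(self.oids) else None

    def get(self, names):
        """GetRequest: exact instance lookup. Returns (error_status, error_index, varbinds)."""
        out = []
        for i, n in enumerate(names, 1):
            if n not in self.values:
                return NO_SUCH_NAME, i, []
            out.append((n, self.values[n]))
        return NO_ERROR, 0, out

    def get_next(self, names):
        """GetNextRequest: the instance after each name, so a manager can start
        at a table OID without knowing any row index."""
        out = []
        for i, n in enumerate(names, 1):
            nxt = self._successor(n)
            if nxt is None:
                return NO_SUCH_NAME, i, []   # end of MIB (SNMPv2 reports endOfMibView)
            out.append((nxt, self.values[nxt]))
        return NO_ERROR, 0, out

    def get_bulk(self, names, non_repeaters, max_repetitions):
        """GetBulkRequest: the first non_repeaters names get one successor each;
        the remaining names are advanced up to max_repetitions times."""
        out = []
        for n in names[:non_repeaters]:
            nxt = self._successor(n)
            if nxt is not None:
                out.append((nxt, self.values[nxt]))
        cursors = list(names[non_repeaters:])
        for _ in range(max_repetitions):
            progressed = False
            for j, cur in enumerate(cursors):
                nxt = self._successor(cur)
                if nxt is not None:
                    cursors[j] = nxt
                    out.append((nxt, self.values[nxt]))
                    progressed = True
            if not progressed:
                break
        return NO_ERROR, 0, out


def walk(agent, subtree):
    """Manager side: retrieve a whole table with repeated GetNextRequests,
    stopping when the returned OID leaves the subtree or the MIB ends."""
    rows, cur = [], subtree
    while True:
        status, _, vb = agent.get_next([cur])
        if status != NO_ERROR or vb[0][0][:len(subtree)] != subtree:
            return rows
        cur = vb[0][0]
        rows.append((cur, vb[0][1]))
```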




SNMP Messages
•   SNMP does not send only a PDU; it embeds the PDU
    in a message.
•   A message in SNMPv3 is made of four elements:
    version, header, security parameters, and data (which
    includes the encoded PDU).
•   Because the length of these elements differs from
    message to message, SNMP uses BER to encode each
    element. Remember that BER uses the tag and the
    length to define a value.
•   Version - defines the current version (3).
•   Header - contains values for message identification,
    maximum message size (the maximum size of the
    reply), message flags (one octet of data type OCTET
    STRING where each bit defines a security property, such as
    privacy or authentication, or other information), and a
    message security model (defining the security
    protocol).
•   Security parameters - used to create a message digest.
SNMP Messages (continued)
   •   Data - It contains the PDU. If the data are encrypted, there is
       information about the encrypting engine (the manager program
       that did the encryption) and the encrypting context (the type of
       encryption), followed by the encrypted PDU. If the data are not
       encrypted, the data consist of just the PDU. To define the type
       of PDU, SNMP uses a tag. The class is context-specific (10),
       the format is structured (1), and the numbers are 0, 1, 2, 3, 5, 6,
       7 and 8.
SNMP UDP Ports
•   SNMP uses the services of UDP on two well-known ports, 161 and 162. Port 161 is used
    by the server (agent), and port 162 is used by the client (manager).

    [Figure: Management Station (Manager: SNMP over UDP port 162, IP, Network Interface)
    and Network Elements (Agent: SNMP over UDP port 161, IP, Network Interface); "Any"
    marks the ephemeral port used on the sending side]
SNMP UDP Ports (continued)
•   The agent (server) issues a passive open on port 161. It then waits for a connection from a
    manager (client).
•   A manager (client) issues an active open, using an ephemeral port. The request messages
    are sent from the client to the server, using the ephemeral port as the source port and the
    well-known port 161 as the destination port.
•   The response messages are sent from the server to the client, using the well-known port
    161 as the source port and the ephemeral port as the destination port.
•   The manager (client) issues a passive open on port 162. It then waits for a connection
    from an agent (server).
•   Whenever it has a Trap message to send, an agent (server) issues an active open, using an
    ephemeral port. This connection is only one-way, from the server to the client.
SNMP v3 Architecture

    [Figure: an SNMP entity consists of SNMP applications (command generator, command
    responder, notification originator, notification receiver, proxy forwarder, other) and an
    SNMP engine (dispatcher, message processing subsystem, security subsystem, access
    control subsystem)]

•   SNMP engine - An SNMP engine provides services for sending and receiving
    messages, authenticating and encrypting messages, and controlling access to
    managed objects. There is a one-to-one association between an SNMP engine
    and the SNMP entity which contains it. The engine contains: 1) a Dispatcher,
    2) a Message Processing Subsystem, 3) a Security Subsystem, and 4) an
    Access Control Subsystem.
•   An SNMP engine has a unique SNMP engine id. Since there is a one-to-one
    association between SNMP engines and SNMP entities, it also uniquely and
    unambiguously identifies the SNMP entity within that administrative domain.
SNMP v3 Architecture (continued)
•   Dispatcher - There is only one Dispatcher in an SNMP engine. It allows for
    concurrent support of multiple versions of SNMP messages in the SNMP
    engine. It does so by:
     – sending and receiving SNMP messages to/from the network,
     – determining the version of an SNMP message and interacting with the
        corresponding Message Processing Model,
     – providing an abstract interface to SNMP applications for delivery of a PDU
        to an application,
     – providing an abstract interface for SNMP applications that allows them to
        send a PDU to a remote SNMP entity.
•   Message Processing Subsystem - The Message Processing Subsystem is
    responsible for preparing messages for sending, and extracting data from
    received messages. The Message Processing Subsystem potentially contains
    multiple Message Processing Models, such as the SNMPv1 MPM, SNMPv2
    MPM and SNMPv2c MPM. Each Message Processing Model defines the format of
    a particular version of an SNMP message and coordinates the preparation and
    extraction of each such version-specific message format.
SNMP v3 Architecture (continued)
•   Security Subsystem - The Security Subsystem provides security services such as the
    authentication and privacy of messages and potentially contains multiple Security Models.
     • A Security Model specifies the threats against which it protects, the goals of its
        services, and the security protocols used to provide security services such as
        authentication and privacy.
     • A Security Protocol specifies the mechanisms, procedures, and MIB objects used to
        provide a security service such as authentication or privacy.
•   Access Control Subsystem - The Access Control Subsystem provides authorization
    services by means of one or more Access Control Models.
     • An Access Control Model defines a particular access decision function in order to
        support decisions regarding access rights.
•   Applications - There are several types of applications, including:
      – command generators, which monitor and manipulate management data,
      – command responders, which provide access to management data,
      – notification originators, which initiate asynchronous messages,
      – notification receivers, which process asynchronous messages, and
      – proxy forwarders, which forward messages between entities.
    These applications make use of the services provided by the SNMP engine.
SNMPv3 Manager Architecture
•   An SNMP entity containing one or more command generator and/or notification receiver
    applications (along with their associated SNMP engine) has traditionally been called an
    SNMP manager.

    [Figure: manager entity with a command generator and a notification receiver on top of a
    PDU dispatcher, message dispatcher and transport mappings; the message processing
    subsystem holds SNMPv1, SNMPv2c, SNMPv3 and other models, and the security subsystem
    holds the community-based, user-based and other security models]
SNMPv3 Agent Architecture
•   An SNMP entity containing one or more command responder and/or notification
    originator applications (along with their associated SNMP engine) has traditionally been
    called an SNMP agent.

    [Figure: agent entity with a command responder and a notification originator, an access
    control subsystem (view-based access control) in front of the management information
    base, on top of a PDU dispatcher, message dispatcher and transport mappings; the message
    processing subsystem holds SNMPv1, SNMPv2c, SNMPv3 and other models, and the security
    subsystem holds the community-based, user-based and other security models]
Conclusion
•   Simple Network Management Protocol (SNMP) is a framework for managing devices in an internet using the
    TCP/IP protocol suite.
•   A manager, usually a host, controls and monitors a set of agents, usually routers.
•   The manager is a host that runs the SNMP client program and the agent is a router or host that runs the SNMP
    server program.
•   SNMP frees management tasks from both the physical characteristics of the managed devices and the underlying
    networking technology.
•   SNMP uses the services of two other protocols: Structure of Management Information (SMI) and Management
    Information Base (MIB).
•   SMI names objects, defines the type of data that can be stored in an object, and encodes the data.
•   SMI objects are named according to a hierarchical tree structure.
•   SMI data types are defined according to Abstract Syntax Notation 1 (ASN.l).
•   SMI uses Basic Encoding Rules (BER) to encode data.
•   MIB is a collection of groups of objects that can be managed by SNMP.
•   MIB uses lexicographic ordering to manage its variables.
•   SNMP functions in three ways:
            1. A manager can retrieve the value of an object defined in an agent.
            2. A manager can store a value in an object defined in an agent.
            3. An agent can send an alarm message (a trap) to the manager.
•   SNMP defines eight types of packets: GetRequest, GetNextRequest, SetRequest, GetBulkRequest, Trap,
    InformRequest, Response, and Report.
•   SNMP uses the services of UDP on two well-known ports, 161 and 162.
•   SNMPv3 defines an architecture of SNMP entities (an SNMP engine plus applications): an entity with command
    generator and notification receiver applications is a manager, and one with command responder and
    notification originator applications is an agent.
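The SMI, BER, object-identifier and PDU points summarized above, carried through in working code. This is an added example of my own, not code from the slides or from any SNMP implementation: it BER-encodes an SNMPv2c GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0) and parses a constructed agent Response. The community string "public", request id 1 and the values inside sample_response() are constructed sample data, and nothing is sent on port 161. It goes slightly beyond slide 13: the encoder emits the shortest INTEGER form (02 01 0E for 14), while the decoder also accepts the four-byte form 02 04 00 00 00 0E shown there.

```python
"""BER encode/decode of SNMPv2c messages. Added example, not from the slides.
Constructed sample data: community "public", request id 1, sample_response() values."""
# Universal tags (class 00); SMI application-wide tags (class 01) are 0x40 + number.
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
COUNTER32, GAUGE32, TIMETICKS, COUNTER64 = 0x41, 0x42, 0x43, 0x46
# PDU types: context-specific (class 10), structured (format 1), tag = 0xA0 + number.
PDU_TAGS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response", 0xA3: "SetRequest",
            0xA5: "GetBulkRequest", 0xA6: "InformRequest", 0xA7: "Trap", 0xA8: "Report"}

def encode_length(n):
    """Short form below 128; otherwise 0x80 | count of length bytes, then the length."""
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + encode_length(len(value)) + value  # one BER triplet

def encode_integer(v, tag=INTEGER):
    """Shortest two's-complement form; the decoder also accepts zero-padded forms."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(tag, v.to_bytes(n, "big", signed=True))

def encode_oid(dotted):
    """First two arcs share one byte (40*a + b, so 1.3 -> 0x2B); the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a > 0x7F:
            a >>= 7
            chunk.insert(0, 0x80 | (a & 0x7F))  # continuation bit on all but the last byte
        out += chunk
    return tlv(OID, bytes(out))

def build_message(community, pdu_tag, request_id, varbinds, err=0, idx=0):
    """SEQUENCE { version 1 (= v2c), community, PDU { id, status, index, varbind list } }."""
    vbl = b"".join(tlv(SEQUENCE, encode_oid(o) + v) for o, v in varbinds)
    pdu = encode_integer(request_id) + encode_integer(err) + encode_integer(idx) + tlv(SEQUENCE, vbl)
    hdr = encode_integer(1) + tlv(OCTET_STRING, community.encode())
    return tlv(SEQUENCE, hdr + tlv(pdu_tag, pdu))

def build_get_request(community, oids, request_id=1):
    # A GetRequest carries NULL values; the agent fills them in its Response.
    return build_message(community, 0xA0, request_id, [(o, tlv(NULL, b"")) for o in oids])

def decode_tlv(buf, i=0):
    """Return (tag, value bytes, index just after this triplet)."""
    tag, first = buf[i], buf[i + 1]
    if first < 0x80:
        return tag, buf[i + 2:i + 2 + first], i + 2 + first
    n, j = first & 0x7F, i + 2
    length = int.from_bytes(buf[j:j + n], "big")
    return tag, buf[j + n:j + n + length], j + n + length

def decode_oid(raw):
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def decode_value(tag, raw):
    """Map a tag to a Python value; unknown tags come back as hex."""
    if tag == INTEGER:
        return int.from_bytes(raw, "big", signed=True)  # 02 04 00 00 00 0E decodes to 14 too
    if tag in (COUNTER32, GAUGE32, TIMETICKS, COUNTER64):
        return int.from_bytes(raw, "big")
    if tag == OCTET_STRING:
        return raw.decode("ascii", "replace")
    return decode_oid(raw) if tag == OID else None if tag == NULL else raw.hex()

def parse_message(msg):
    """Parse a v1/v2c message; note that the community string is readable in the clear."""
    _, body, _ = decode_tlv(msg)
    _, ver, i = decode_tlv(body)
    _, community, i = decode_tlv(body, i)
    pdu_tag, pdu, _ = decode_tlv(body, i)
    fields, j = [], 0
    for _ in range(3):  # request-id, error-status, error-index
        _, raw, j = decode_tlv(pdu, j)
        fields.append(decode_value(INTEGER, raw))
    _, vbl, _ = decode_tlv(pdu, j)
    varbinds, k = [], 0
    while k < len(vbl):
        _, vb, k = decode_tlv(vbl, k)
        _, oid_raw, m = decode_tlv(vb)
        vtag, vraw, _ = decode_tlv(vb, m)
        varbinds.append((decode_oid(oid_raw), decode_value(vtag, vraw)))
    return {"version": decode_value(INTEGER, ver), "community": community.decode(),
            "pdu": PDU_TAGS.get(pdu_tag, hex(pdu_tag)), "request_id": fields[0],
            "error_status": fields[1], "error_index": fields[2], "varbinds": varbinds}

def sample_response():
    """Constructed agent Response to the GetRequest above (sample values, not a capture)."""
    return build_message("public", 0xA2, 1, [
        ("1.3.6.1.2.1.1.1.0", tlv(OCTET_STRING, b"Sample router")),
        ("1.3.6.1.2.1.1.3.0", encode_integer(1234, TIMETICKS))])
```

build_get_request("public", ["1.3.6.1.2.1.1.1.0"]).hex() yields the 40-byte message 30 26 02 01 01 04 06 "public" A0 19 ..., where 0x30 is the universal SEQUENCE tag, 0x02 and 0x04 the INTEGER and OCTET STRING tags, and 0xA0 the context-specific structured tag for GetRequest; the 0x2B that opens the object identifier is 40 * 1 + 3 for iso.org. Parsing sample_response() returns the Response with its two varbinds, and the dict also shows why the deck places SNMPv1/v2c under the community-based security model: the community string is carried as a plain OCTET STRING, so any observer of port 161 traffic can read it, which is what the user-based security model of SNMPv3 exists to replace.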
References

[1] Forouzan, B. A. (2000) Data Communication and Networking,
   2nd edition, Tata McGraw-Hill.
[2] Harrington, D., Presuhn, R., Wijnen, B. (2002) An Architecture for
   Describing Simple Network Management Protocol (SNMP)
   Management Frameworks, RFC 3411 [Online]. Available from:
   http://www.ietf.org/rfc/rfc3411.txt (Accessed: 11 October 2012).
[3] Rahul, B. (2002) Internetworking Technologies: An Engineering
   Perspective, Prentice Hall of India.



